Think-security - think-security.com - Think Security
General Information:
Latest News:
Digging tunnels with SSH 31 Jan 2011 | 09:32 am
SSH tunnels are an old trick, which is recently getting increasingly popular with all this content filtering happening at the corporate or even at the national level. This article demonstrates how to ...
ARP spoofing attack and defense 12 Dec 2010 | 12:49 am
As described in Wikipedia, ARP spoofing (otherwise known as ARP poisoning or Arp Poison Routing – APR) is a Layer 2 attack that can be carried out in most internal networks and therefore is extremely ...
Protect your Apache web server with mod_evasive 7 Nov 2010 | 03:20 am
Mod_evasive is an Apache module that is designed to limit the impact of different types of attacks (like DDoS, scripted or brute force) on your web site/server. When integrated with iptables, mod_evas...
DHCP starvation – quick and dirty 2 Oct 2010 | 10:31 pm
The DHCP starvation attack is quite simple to implement and therefore quite dangerous, especially if it grows to a DHCP spoofing attack. It can be used to implement a Denial of Service (DoS) attack ag...
IP over DNS 5 Sep 2010 | 10:50 pm
Sometimes while you are performing a penetration test, you need to break out from a supposedly isolated network like an internal VLAN in a bank, or a process network full of SCADA equipment. Such netw...
DTP – Share it 19 Aug 2010 | 04:22 pm
The one thing that is always overlooked, when someone tries to secure a network, is the user side. It is rare to see a DMZ network, that is protected by a firewall from the users. The general idea is ...
GnuPG – quick console guide 24 Jul 2010 | 04:41 am
This short gpg howto demonstrates how to use the Gnu Privacy Guard (GnuPG) tools on Unix/Linux systems. By following this guide you will understand how to generate a gpg key and you will go through th...
Wireless WEP (in)security 20 Jun 2010 | 05:12 pm
Wireless security has been a great concern for the IT security professionals from at least a decade. It is difficult to protect something that you can’t see, that goes through walls and that everyone ...
Metasploitable – your first training ground 18 May 2010 | 10:45 pm
Metasploitable is a VMware based virtual machine running Ubuntu 8.04 server. A number of vulnerable services have been included, some of which are an install of tomcat 5.5 (with weak credentials), dis...
Persistent Meterpreter over Reverse HTTPS 15 Apr 2010 | 03:00 am
Botnet agents and malware go through inordinate lengths to hide their command and control traffic. From a penetration testing perspective, emulating these types of communication channels is possible, ...
